Executive Summary
During its development, the CREDENTIAL project had to face important issues related to privacy-preserving data, identity provision, authentication data, and their contextualization within a cloud environment. Studying the most successful technologies in the field helped the team make sound decisions. The present document shows the in-depth study carried out throughout the project, with a particular focus on the “authentication to the cloud” topic, leveraging the lessons learned during the CREDENTIAL initiative.
Firstly, requirements related to authentication to the cloud are analysed from a general perspective, studying security and privacy topics, and the cloud requirements more particularly. A drill-down of the CREDENTIAL requirements follows, with the aim of exposing which aspects could be improved.
Further on, the document focuses on the two most important strong authentication/authorization frameworks, namely FIDO and OATH. Both of them can provide a second strong authentication factor, which was missing from the original design. FIDO turned out to be our preferred methodology.
The document then reviews state-of-the-art authentication techniques, such as biometric mechanisms, hardware solutions, and privacy-enhancing technologies.
A technical assessment of how to accomplish secure authentication to the cloud is then carried out, conforming to FIDO Alliance guidelines, followed by a list of improvements to the cloud authentication process that takes into account all the previous research work.
Finally, the document depicts enhanced CREDENTIAL scenarios in which those improvements could be used.